Password Tool Back to generator

Security guide

Browser Support for Local Password Generation

Learn how PwdGen works in Chrome, Edge, Safari, Firefox, and mobile browsers, and what happens if Web Crypto is unavailable.

Summary

PwdGen is built for modern browsers that support the Web Crypto API. Password generation, password strength estimation, passphrase tools, and local utilities run in the browser rather than on a PwdGen server. That design works across Chrome, Edge, Safari, Firefox, and current mobile browsers when crypto.getRandomValues() is available.

Chrome support

Chrome supports Web Crypto in secure contexts and is the primary browser used for PwdGen development checks. The Chrome extension package follows the same local-only model: no remote scripts, no host permissions, and no password storage.

Edge support

Microsoft Edge is Chromium-based and supports the same Web Crypto primitives used by PwdGen. In normal usage, Edge users can generate, copy, and evaluate passwords locally in the same way as Chrome users.

Safari support

Safari supports Web Crypto on modern macOS and iOS releases. Mobile Safari users should remember that copied passwords may remain in the system clipboard until replaced, and iCloud Keychain or another password manager should be used for long-term storage.

Firefox support

Firefox supports crypto.getRandomValues() and can run the generator locally. Some automated local test environments have had connection-reset issues unrelated to page behavior, so production verification focuses on the browser API and privacy boundary rather than one local harness.

Mobile browser support

Mobile browsers can generate secure random passwords as long as they expose Web Crypto. The PwdGen layout keeps buttons large enough for touch interaction and keeps generated passwords left-to-right even in RTL locales.

Web Crypto requirement

PwdGen requires a cryptographic random source. The generator requests random bytes from crypto.getRandomValues() and maps them to character choices with rejection sampling. This avoids using Math.random(), which is not specified for security-sensitive use.

If Web Crypto is unavailable

PwdGen fails closed. The page remains readable, but password controls are disabled and a warning explains that secure generation requires a modern browser. It is better to show no generated password than to silently create weak credentials.

Local-only generation statement

Generation and checking run in the browser. PwdGen does not upload generated passwords, existing passwords entered into the checker, passphrases, or exported values. Local generation cannot protect a compromised device, malicious extension, unsafe clipboard, phishing page, or destination service with weak password storage.

For implementation details, read the security methodology and the client-side password generation whitepaper.

Frequently asked questions

Which browsers does PwdGen support?

PwdGen is designed for modern versions of Chrome, Edge, Safari, Firefox, and current mobile browsers that expose the Web Crypto API.

What happens if Web Crypto is unavailable?

Password controls are disabled and a compatibility warning is shown. PwdGen does not fall back to Math.random() for password generation.

Does browser support change the privacy model?

No. In supported browsers, generation and evaluation run locally. The main privacy limits are the device, browser extensions, clipboard, and destination service.

Sources